1. About
2. Environment
3. Architecture
4. Development
4.1. Golang
4.2. Javascript
4.3. Style Guide
4.4. Tests
4.4.1. E2E
4.4.2. Unitary Tests
4.5. Security
5.1. Live reload
5.2. Manager
6. Production
6.1. Helm
6.2. Operator
6.3. Docker compose
The BUILD.md is a file to check the environment and build specifications of horusec-platform project.
The project consists of 9 microservices, 1 database (PostgreSQL by default) and a queue manager (RabbitMQ).
The microservices are:
| Service | Language | Description |
|---|---|---|
| Analytic | Golang | Receives the analysis via broker, and saves the necessary data in its database that will be presented in the dashboard. |
| Api | Golang | Responsible for receiving requests Horusec-CLI via HTTP request to start a new analysis. |
| Auth | Golang | Responsible for managing users, authentication and platform access. |
| Core | Golang | Responsible for managing workspaces, repositories and updating accesses. |
| Messages | Golang | Responsible for sending transactional emails. |
| Migrations | Golang | Responsible for performing the migration in the Horusec database. |
| Vulnerability | Golang | Responsible for managing the vulnerabilities found in the analyses. |
| Webhook | Golang | Responsible for configuring HTTP destinations and triggering analytics performed for third-party services. |
| Manager | Javascript | The project's web interface. |
You can learn more about the architecture in our documentation.
With microservices architecture, we can handle the development of each unit in particular.
For development in Golang microservices (analytic, api, auth, core, messages, vulnerability and webhook) the following steps must be followed:
1. Access the directory corresponding to the microservice you want to work with:
Example:
cd analytic/2. Download the dependencies using the command:
go mod download3. Run the microservice using the command:
go run ./cmd/app/main.goThe graphical interface (manager) is developed with ReactJS, for development you must follow the steps below:
1. Access the directory corresponding to the interface:
cd manager/2. Download the dependencies using the command:
yarn3. Run the interface using the command:
yarn startFor source code standardization, this project use golangci-lint tool as a linter aggregator of Go.
You can perform the lint check using the make command available in each microservice:
make lintThe project has a pattern of dependency imports, the commands below organize your code in the pattern defined by the Horusec team, these commands must be run in each microservice:
make fmtThen, run the command:
make fix-importsAll project files must have the license header. You can check if all files are in agreement by running this command in project root:
make licenseIf it is necessary to add the license in any file, the command below inserts it in all files that do not have the license:
make license-fixEach microservice has its unit tests, and the application as a whole has E2E tests.
The e2e tests are written with the cypress tool.
To run the tests, follow the steps:
1. Access the directory to run the test:
cd e2e/cypress/2. Then, run the command according to your scenario:
make test-e2e-auth-horusec-without-application-adminOr
make test-e2e-auth-keycloak-without-application-adminThe Golang microservices unit tests were written with the standard package and some mock and assert excerpts, we used the testify. You can run the tests using the command below:
make testTo check test coverage, run the command below:
make coverageWe use the latest version of Horusec-CLI to maintain the security of our source code. Through the command below, you can perform this verification in the project:
make securityTo facilitate development, the project has the option of development through Docker images, which simulates a complete Horusec-Platform environment, using all microservices.
This development mode requires previously installed:
- Docker: ^20.0.X
- Docker Compose: ^1.20.X
In the deployments/compose directory, you find the docker-compose files for building the environment.
With all services running through Docker and docker-compose, it is possible to make changes to the source code and these changes will be reflected in the running container.
To start development mode with docker, just run the following command at the root of the project:
make compose-devThis way, all services will be available for use.
The manager microservice is not available for live-reload via docker image.
If you need to make changes to your source code, it is recommended to use the traditional method.
For production environments, we provide the following methods:
-
Kubernetes
- Helm
- Operator
-
Docker
- docker-compose (not recommended)
Helm is a package manager that gathers in a single file, called chart, all the defined resources of Kubernetes that make up an application.
This installation is for you to use the Horusec web application linked to your Kubernetes cluster with Helm.
See how to install Horusec-Platform via Helm in our documentation.
Horusec-operator performs management between the Horusec web services and the Kubernetes cluster. The creation idea came from the community with the desire to simplify the way to install the services in a Kubernetes environment.
See how to install Horusec-Platform via Operator in our documentation.
Docker-Compose is a tool that configures your application services as well as defines and runs Docker applications in various containers. You create and start all the services in your configuration with a single command.
See how to install Horusec-Platform via Operator in our documentation.